Re: [DNG] vdev

[Robert Storey]

> From: richard lucassen 
> Subject: Re: [DNG] vdev
>
> So, please join the Group Of Three who are testing vdev. Without vdev
> or any other standalone udev version Devuan is stillborn. This whole
> vdev beast is much more complicated than a single daemon. We need
> testing, input, otherwise we'll go down the drain. It is as simple as
> that.

Hi Richard,

OK, I'm willing to join the Group-of-Three and file bug reports. But may I
just ask this...

Someplace, somewhere on the Internet (maybe on devuan.org, github,
wherever) can we just have a simple how-to for installing and setting up
vdev? I suppose this info is already out there someplace, but I don't know
where, and it needs to be easy to find.

The how-to doesn't need to be any more than a few sentences. Something like:

Add the following line to your /etc/apt/sources.list
deb http://whatever.devuan.org/blah-blah/ jessie main

apt-get update

apt-get install vdev

Edit file blah-blah.conf in your /etc directory to read as follows...
...and so on

Thanks in advance,
Robert
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] vdev

[Ralph Ronnquist]

richard lucassen wrote on 12/08/16 01:33:

On Fri, 12 Aug 2016 15:33:52 +0200
aitor_czr  wrote:


I'm talking about e.g. /dev/ttyS0. After a boot it looks like:

crw---  1 root root  4,  64 Aug 11 11:32 ttyS0

After a manual restart of vdev it is what it should be:

crw-rw  1 root dialout   4,  64 Aug 11 11:32 ttyS0
...


[Point taken re eudev]

The set up I now have, does the right thing on boot. I think.

Firstly, it loads vdev from initrd during the first stage boot, and then 
it exits. A snapshot of /dev taken before the next start shows all 
filemod settings to be fine.


Secondly it loads vdev anew at the sysvinit startup, and then this stays 
on as a daemon. The filemod settings at this time remain good.


Plugging in a USB disk via virtio redirection gains two new entries 
/dev/sdd and /dev/sdd1, with appropriate filemod settings.


This is with vdev installed from the debs, followed by my hands-on, 
which resulted in the snapshot files and links. Exactly. I also have 
removed all *udev* links from /etc/rcS.d (as otherwise update-rc.d gets 
upset about two different udev provisions)


The diff relative a clean debs install tells of a) two revisions for the 
provided files: the changes to /usr/etc/vdev/vdevd.conf, and to 
/usr/lib/vdev/udev-compat.sh, b) the additions of 
/usr/lib/vdev/daemonlet and /usr/etc/vdev/acls/00-whitelist-root.acl, 
and c) the additional /root tree for initrd building.


Now, I would suggest a blanket revision to the debs, to remove the /usr 
prefix from all its file paths. Then change /etc/vdev/vdevd.conf and the 
initrd building scripts accordingly. Thereafter work out how to 
postinstall vdev to also purge systemd-udev without it messing with its 
dependencies. (You don't want the kernel uninstalled)

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] vdev

[aitor_czr]

On 08/11/2016 07:13 PM, richard lucassen  wrote:

> >I'm talking about e.g. /dev/ttyS0. After a boot it looks like:
> >
> >crw---  1 root root  4,  64 Aug 11 11:32 ttyS0
> >
> >After a manual restart of vdev it is what it should be:
> >
> >crw-rw  1 root dialout   4,  64 Aug 11 11:32 ttyS0
> >
> >$ cat /etc/vdev/actions/ttyS.act
> >[vdev-action]
> >event=add
> >path=^ttyS[0-9]+$
> >VAR_PERMISSIONS_OWNER=root
> >VAR_PERMISSIONS_GROUP=dialout
> >VAR_PERMISSIONS_MODE=0660
> >helper=permissions.sh
> >
> >This action is NOT executed during boot, but after a manual restart
> >it is executed. So: what is your ownership/permission of /dev/ttyS0
> >after a reboot? And how does it look like when you restart vdevd?
> >Do you see the same phenomena?
> >
> >R.

>
>Ok, thanks:)

You're welcome. But do you see the same phenomena?;-)


Piano, piano :)

Tomorrow i'll compare both cases.

  Aitor.



___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] vdev

[fsmithred]

Correction:

apt-get -t nosystemd install udev

SHOULD BE

apt-get -t experimental install udev

-fsr


___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] vdev

[fsmithred]

On 08/11/2016 11:48 AM, richard lucassen wrote:
> On Thu, 11 Aug 2016 08:05:49 -0400
> Steve Litt  wrote:
> 
>>> And has someone ever played with eudev? Slackware has moved to
>>> eudev. Maybe it's better to try that instead of vdev?
>>
>> Before trading in vdev for eudev, consider this question: What if Red
>> Hat bought their way into maintainership of eudev, poetterized it, and
>> emptied out previous versions on Git. That's what they did with
>> dracut.
> 
> If ever this would happen there will immediately be a fork called fudev.
> 
> And what if RH bought their way into maintainership of the kernel?
>  
>> Are Gentoo and Slackware good stewards for eudev? Slackware has
>> consistently avoided a commitment never to go with systemd, and Gentoo
>> (as opposed to Funtoo) is very proud of their init agnostic stance,
>> which of course they'll kick to the curb at the slightest pressure
>> from Redhat.
> 
> I have no idea. But instead of bashing systemd, Poettering and RedHat
> c.s., it would be more effective for people here to spend some time in
> testing vdev, wouldn't it? (this is not meant to be Steve bashing btw)
> 
>> I love the idea of experimenting with eudev: It's free software, maybe
>> we can improve vdev with what we learn from it. But for reasons stated
>> in my previous two paragraphs, I think moving our target from vdev to
>> eudev would be a bad idea.
> 
> So, please join the Group Of Three who are testing vdev. Without vdev
> or any other standalone udev version Devuan is stillborn. This whole
> vdev beast is much more complicated than a single daemon. We need
> testing, input, otherwise we'll go down the drain. It is as simple as
> that.
> 
> R.
> 


Sorry, I missed two day, and now I've fallen way behind you guys. All I've
done so far was install and test Aitor's first deb package, and I already
reported on that. One thing I forgot to mention is that, even though it
doesn't fully boot (I get error messages about missint ttys) I am able to
connect to it through ssh.

Anyway, I'm going to start with Jude's directions and see if I can catch
up. Meanwhile, I did do something useful, and I can answer your question
about eudev - yeah, I tried it, and it seems to work (with minimal
testing). I used the debs that David Hare made about a year ago.

And let me add that I agree with Steve that we should keep working on vdev.

add this line to your sources:
deb http://exegnulinux.net/nosystemd/ experimental main

Install this key
http://exegnulinux.net/nosystemd/pool/main/e/exegnu-archive-keyring/exegnu-archive-keyring_0.0.1_all.deb

apt-get update
apt-get install eudev (seems to install the libraries)
apt-get -t nosystemd install udev  (honest)

It will rebuild the initrd.

Reboot.

Note: I'm testing on a live usb with persistence, so I can easily delete
my changes and start over.

Note2: I'm still laughing about fudev.

-fsr



___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] mouse configuration under LXDE?

[dev]

Ah.. nevermind... PEBKAC..

I have one of these keyboards

https://compass-ssl.xboxlive.com/assets/62/8d/628d39fb-0944-4cc1-9260-60ba6fcffd27.jpg?n=SED_STop_FY16New.jpg

And the little "fn" switch in the upper right was accidentally betwixt 
the two positions. No idea how that relates to the mouse, but sliding it 
all the way to the right seems to have fixed things.


Apologies for the static.

On 08/11/2016 10:07 AM, dev wrote:

Hello,
I have a logitiech M570 wireless mouse hooked up to my Devuan desktop
running LXDE.  For the past week or so clicking the middle button
(scroll wheel + button) sometimes pastes in two copies of the text,
sometimes one copy, and sometimes nothing at all.

I installed some updates earlier this week; don't remember what they
were. Maybe something in there is messing with USB mouse?

I've tried plugging the USB receiver into different ports as well as
rebooting, and tried a new battery. Still the same.

Is there some other way to fiddle with mouse settings other than what's
under "Bird Menu" > preferences > keyboard and mouse?

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] GDBus error in LXDE desktop

[Emiliano Marini]

Just selected "LXDE" during Devuan installation. It uses slim (Devuan's
default, right?).

I'm amazed how fast Devuan starts using LXDE and uses only 243MB of memory
to get the desktop up and running!

I'm creating a Devuan appliance for my students (to teach C and assembly),
so I need a tiny iso/vdi/vmdk file to simplify sharing it.

Cheers.

On Fri, Aug 12, 2016 at 10:31 AM, aitor_czr  wrote:

>
> Hi Emiliano,
>
> On 08/11/2016 02:00 PM, Emiliano Marini 
>  wrote:
>
> ore information on this:
>
> root@devuan:/home/usuario# grep GDBus -A 3 -B 
> 3*/home/usuario/*.cache/lxsession/LXDE/run.log
> ** Message: autostart.vala:42: Autostart path 
> :*/home/usuario/*.config/lxsession/LXDE/autostart
> ** Message: app.vala:76: Launching lxpanel
>
> ** (lxpolkit:2179): WARNING **: Unable to register authentication agent:
> GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user
> of subject
> ** Message: app.vala:76: Launching pcmanfm
> ** Message: app.vala:76: Launching xscreensaver
> ** Message: options.vala:107: Create build-in Clipboard
> root@devuan:/home/usuario#
>
>
> Are you using a login-manager (like slim, lightdm...), or are you trying
> it with startx (xinit) ?
>
>   Aitor.
>
>
>
>
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Debian install

[Paweł Cholewiński]

W dniu 08.08.2016 o 17:38, richard lucassen pisze:

On Mon, 8 Aug 2016 17:23:24 +0200
Adam Borowski  wrote:


I think this question can be removed?:

"Participate in the package usage survey?"


It's opt-in, and provides useful data.


It's ok for me, but Devuan != Debian



Hi Richard,
if You found unique issue regarding installer please report it here 
https://git.devuan.org/devuan-packages/debian-installer/issues


Thanks,
Paweł
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] vdev

[richard lucassen]

On Thu, 11 Aug 2016 08:05:49 -0400
Steve Litt  wrote:

> > And has someone ever played with eudev? Slackware has moved to
> > eudev. Maybe it's better to try that instead of vdev?
> 
> Before trading in vdev for eudev, consider this question: What if Red
> Hat bought their way into maintainership of eudev, poetterized it, and
> emptied out previous versions on Git. That's what they did with
> dracut.

If ever this would happen there will immediately be a fork called fudev.

And what if RH bought their way into maintainership of the kernel?
 
> Are Gentoo and Slackware good stewards for eudev? Slackware has
> consistently avoided a commitment never to go with systemd, and Gentoo
> (as opposed to Funtoo) is very proud of their init agnostic stance,
> which of course they'll kick to the curb at the slightest pressure
> from Redhat.

I have no idea. But instead of bashing systemd, Poettering and RedHat
c.s., it would be more effective for people here to spend some time in
testing vdev, wouldn't it? (this is not meant to be Steve bashing btw)

> I love the idea of experimenting with eudev: It's free software, maybe
> we can improve vdev with what we learn from it. But for reasons stated
> in my previous two paragraphs, I think moving our target from vdev to
> eudev would be a bad idea.

So, please join the Group Of Three who are testing vdev. Without vdev
or any other standalone udev version Devuan is stillborn. This whole
vdev beast is much more complicated than a single daemon. We need
testing, input, otherwise we'll go down the drain. It is as simple as
that.

R.

-- 
___
It is better to remain silent and be thought a fool, than to speak
aloud and remove all doubt.

+--+
| Richard Lucassen, Utrecht|
+--+
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] vdev

[richard lucassen]

On Fri, 12 Aug 2016 15:33:52 +0200
aitor_czr  wrote:

> > I'm talking about e.g. /dev/ttyS0. After a boot it looks like:
> >
> > crw---  1 root root  4,  64 Aug 11 11:32 ttyS0
> >
> > After a manual restart of vdev it is what it should be:
> >
> > crw-rw  1 root dialout   4,  64 Aug 11 11:32 ttyS0
> >
> > $ cat /etc/vdev/actions/ttyS.act
> > [vdev-action]
> > event=add
> > path=^ttyS[0-9]+$
> > VAR_PERMISSIONS_OWNER=root
> > VAR_PERMISSIONS_GROUP=dialout
> > VAR_PERMISSIONS_MODE=0660
> > helper=permissions.sh
> >
> > This action is NOT executed during boot, but after a manual restart
> > it is executed. So: what is your ownership/permission of /dev/ttyS0
> > after a reboot? And how does it look like when you restart vdevd?
> > Do you see the same phenomena?
> >
> > R.
> 
> Ok, thanks :)

You're welcome. But do you see the same phenomena? ;-)

-- 
___
It is better to remain silent and be thought a fool, than to speak
aloud and remove all doubt.

+--+
| Richard Lucassen, Utrecht|
+--+
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] mouse configuration under LXDE?

[dev]

Hello,
I have a logitiech M570 wireless mouse hooked up to my Devuan desktop 
running LXDE.  For the past week or so clicking the middle button 
(scroll wheel + button) sometimes pastes in two copies of the text, 
sometimes one copy, and sometimes nothing at all.


I installed some updates earlier this week; don't remember what they 
were. Maybe something in there is messing with USB mouse?


I've tried plugging the USB receiver into different ports as well as 
rebooting, and tried a new battery. Still the same.


Is there some other way to fiddle with mouse settings other than what's 
under "Bird Menu" > preferences > keyboard and mouse?

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] [OT] Microsoft Secure Boot key leaked

[Simon Hobson]

dev  wrote:

> Just ran across this. Not sure what it means for Open Source bootloaders.
> 
> "The key basically allows anyone to bypass the provisions Microsoft has put 
> in place ostensibly to prevent malicious versions of Windows from being 
> installed, on any device running Windows 8.1 and upwards with Secure Boot 
> enabled."

Basically it means you can install pretty well any system. The headline is a 
bit misleading since they haven't leaked the "golden key" backing all this 
security stuff up, but have inadvertently left a specific policy on the devices 
which (if enabled) tells the bootloader to ignore any signing errors.

So while normally, if you tried to use your own software, the bootloader would 
barf and refuse to run it as unsigned or not signed with a known key, in this 
case it has an instruction telling it to ignore those errors.

"not 'arf bad" explanation in this article on TheReg
http://www.theregister.co.uk/2016/08/10/microsoft_secure_boot_ms16_100/


Sadly it's not half as useful as if they had really leaked their "golden key" - 
because with that, anyone would be able to sign anything for any device 
trusting MS keys, and that WOULD be interesting !

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] vdev

[aitor_czr]

On 08/11/2016 01:23 PM, richard lucassen wrote:

On Fri, 12 Aug 2016 10:40:43 +0200
aitor_czr  wrote:


> >>Aitor, does your vdev set the permissions and ownerships correctly?

> >
> >I have to suid vdevd in debian/vdevd.postinst. The /usr/sbin is
> >missing in your snapshot.

>
>No, i'll give the following permissions:
>
>-rwxr-xr-x

I'm talking about e.g. /dev/ttyS0. After a boot it looks like:

crw---  1 root root  4,  64 Aug 11 11:32 ttyS0

After a manual restart of vdev it is what it should be:

crw-rw  1 root dialout   4,  64 Aug 11 11:32 ttyS0

$ cat /etc/vdev/actions/ttyS.act
[vdev-action]
event=add
path=^ttyS[0-9]+$
VAR_PERMISSIONS_OWNER=root
VAR_PERMISSIONS_GROUP=dialout
VAR_PERMISSIONS_MODE=0660
helper=permissions.sh

This action is NOT executed during boot, but after a manual restart it
is executed. So: what is your ownership/permission of /dev/ttyS0 after a
reboot? And how does it look like when you restart vdevd? Do you see
the same phenomena?

R.


Ok, thanks :)


___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] GDBus error in LXDE desktop

[aitor_czr]

Hi Emiliano,

On 08/11/2016 02:00 PM, Emiliano Marini  wrote:

ore information on this:

root@devuan:/home/usuario# grep GDBus -A 3 -B 3
/home/usuario/.cache/lxsession/LXDE/run.log
** Message: autostart.vala:42: Autostart path :
/home/usuario/.config/lxsession/LXDE/autostart
** Message: app.vala:76: Launching lxpanel

** (lxpolkit:2179): WARNING **: Unable to register authentication agent:
GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user
of subject
** Message: app.vala:76: Launching pcmanfm
** Message: app.vala:76: Launching xscreensaver
** Message: options.vala:107: Create build-in Clipboard
root@devuan:/home/usuario#


Are you using a login-manager (like slim, lightdm...), or are you trying 
it with startx (xinit) ?


  Aitor.



___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] [OT] Microsoft Secure Boot key leaked

[dev]

Just ran across this. Not sure what it means for Open Source bootloaders.

"The key basically allows anyone to bypass the provisions Microsoft has 
put in place ostensibly to prevent malicious versions of Windows from 
being installed, on any device running Windows 8.1 and upwards with 
Secure Boot enabled."


http://arstechnica.com/security/2016/08/microsoft-secure-boot-firmware-snafu-leaks-golden-key/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] GDBus error in LXDE desktop

[Emiliano Marini]

Solved disabling Polkit agent in LXDE configuration:

https://postimg.org/image/5tymnm8l7/

Justo open "Preferences > Default applications for LXSession" and got to
"Core applications" tab, then clear the "Polkit agent" field and close the
window.

No more warnings on next boot.


On Thu, Aug 11, 2016 at 8:55 AM, Emiliano Marini  wrote:

> More information on this:
>
> root@devuan:/home/usuario# grep GDBus -A 3 -B 3 /home/usuario/.cache/
> lxsession/LXDE/run.log
> ** Message: autostart.vala:42: Autostart path : /home/usuario/.config/
> lxsession/LXDE/autostart
> ** Message: app.vala:76: Launching lxpanel
>
> ** (lxpolkit:2179): WARNING **: Unable to register authentication agent:
> GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine
> user of subject
> ** Message: app.vala:76: Launching pcmanfm
> ** Message: app.vala:76: Launching xscreensaver
> ** Message: options.vala:107: Create build-in Clipboard
> root@devuan:/home/usuario#
>
>
>
> On Thu, Aug 11, 2016 at 8:35 AM, Emiliano Marini <
> emilianomarin...@gmail.com> wrote:
>
>> Thanks Aitor, I've searched the gitlab to post this, but didn't found
>> nothing related to LXDE.
>>
>> On Thu, Aug 11, 2016 at 7:49 PM, aitor_czr  wrote:
>>
>>>
>>> On 08/10/2016 07:50 PM, Emiliano Marini 
>>>  wrote:
>>>
>>> Sorry but it's ok to report bugs on this list?
>>>
>>> Cheers,
>>> Emiliano.
>>>
>>>
>>> LOL, of course... I think so :)
>>>
>>>   Aitor.
>>>
>>>
>>>
>>
>
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Security news about TCP weakness

[Rick Moen]

Quoting Simon Hobson (li...@thehobsons.co.uk):

> As Arnt Karlsen mentioned in the Bootloaders thread, there a new twist
> which is the result of a security fix
> 
> http://www.theregister.co.uk/2016/08/10/linux_tor_users_open_corrupted_communications/
> 
> In a bid to thwart the risk from injected packets carrying the right
> quintuplet of source and dest IPs, source & dest ports, and sequence
> numbers, it now seems that there are "occasional" challenge packets
> sent.  Simplifying a lot, basically one end will send packets to the
> other asking "did you really send that ?" - so if someone is spoofing
> fake traffic then it'll come to light.
> 
> As these packets are globally rate limited - a third party can send a
> flood of dodgy packets to cause this limit to be exceeded, and thus
> disable the protection it provides. As I read it, the attack doesn't
> really bring anything new other than the ability to disable the
> security offered by RFC 5961 - and thus lower the threshold to that of
> the original CVE from 2004.

I suspect the best interim solution is to set
/proc/sys/net/ipv4/tcp_challenge_ack_limit=9 via sysctl, until
something better-thought-out than RFC 5961 comes out.

-- 
Cheers,  QA engineer walks into a bar.  Orders a beer.
Rick MoenOrders 0 beers.  Orders 9 beers.  Orders
r...@linuxmafia.com  a lizard.  Orders -1 beers.  Orders a sfdeljknesv.
McQ! (4x80)  -- @sempf, https://www.sempf.net/post/On-Testing1.aspx
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] vdev

[Steve Litt]

On Thu, 11 Aug 2016 10:00:10 +0200
richard lucassen  wrote:

> On Thu, 11 Aug 2016 08:30:16 +1000
> Ralph Ronnquist  wrote:
> 
> > Since '$?' is 'the result code of last command", it's IMO best
> > placed immediately after the command whose result code to capture.
> > Here, previously, it captured the result of the (failed, as it were)
> > attempt to echo to the log file, rather than the result of
> > event-put.  
> 
> Ok, but apparently this did not make any difference, although I get
> the impression that there are only four people in the world to test
> vdev. Do you also have this phenomena that permissions are not set
> correctly at boot time?
> 
> And has someone ever played with eudev? Slackware has moved to eudev.
> Maybe it's better to try that instead of vdev?

Before trading in vdev for eudev, consider this question: What if Red
Hat bought their way into maintainership of eudev, poetterized it, and
emptied out previous versions on Git. That's what they did with dracut.

Are Gentoo and Slackware good stewards for eudev? Slackware has
consistently avoided a commitment never to go with systemd, and Gentoo
(as opposed to Funtoo) is very proud of their init agnostic stance,
which of course they'll kick to the curb at the slightest pressure from
Redhat.

I love the idea of experimenting with eudev: It's free software, maybe
we can improve vdev with what we learn from it. But for reasons stated
in my previous two paragraphs, I think moving our target from vdev to
eudev would be a bad idea.

SteveT

Steve Litt
August 2016 featured book: Manager's Guide to Technical Troubleshooting
  Brand new, second edition
http://www.troubleshooters.com/mgr
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] GDBus error in LXDE desktop

[Emiliano Marini]

More information on this:

root@devuan:/home/usuario# grep GDBus -A 3 -B 3
/home/usuario/.cache/lxsession/LXDE/run.log
** Message: autostart.vala:42: Autostart path :
/home/usuario/.config/lxsession/LXDE/autostart
** Message: app.vala:76: Launching lxpanel

** (lxpolkit:2179): WARNING **: Unable to register authentication agent:
GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user
of subject
** Message: app.vala:76: Launching pcmanfm
** Message: app.vala:76: Launching xscreensaver
** Message: options.vala:107: Create build-in Clipboard
root@devuan:/home/usuario#



On Thu, Aug 11, 2016 at 8:35 AM, Emiliano Marini  wrote:

> Thanks Aitor, I've searched the gitlab to post this, but didn't found
> nothing related to LXDE.
>
> On Thu, Aug 11, 2016 at 7:49 PM, aitor_czr  wrote:
>
>>
>> On 08/10/2016 07:50 PM, Emiliano Marini 
>>  wrote:
>>
>> Sorry but it's ok to report bugs on this list?
>>
>> Cheers,
>> Emiliano.
>>
>>
>> LOL, of course... I think so :)
>>
>>   Aitor.
>>
>>
>>
>
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] vdev

[richard lucassen]

On Thu, 11 Aug 2016 20:41:33 +1000
Ralph Ronnquist  wrote:

> > It builds fine, but it does not work yet. I think there are a bunch
> > of other things to do. It adds a usb stick as a character device :-)
> 
> Yes I've worked out the building, and installing, without /usr
> prefix, and so far only in a firejail overlay, just to see what it
> installs.
> 
> There's nothing for initrd though, is there? Isn't that needed?

I haven't looked for that yet.

> I guess I should crank up the vdev host again. It's just a qemu
> client, so I'll need to do some hands-on to attach a usb connector. I
> can't use the virt-viewer menu, because that'll redirect through a
> virtio redirection device which indeed is a character device.

I test vdev/eudev on a separate partition on a real machine (laptop). In
that way I can always reboot the machine to a working partition
whenever I fsck up the whole thing :)

R.

-- 
richard lucassen
http://contact.xaq.nl/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] GDBus error in LXDE desktop

[Emiliano Marini]

Thanks Aitor, I've searched the gitlab to post this, but didn't found
nothing related to LXDE.

On Thu, Aug 11, 2016 at 7:49 PM, aitor_czr  wrote:

>
> On 08/10/2016 07:50 PM, Emiliano Marini 
>  wrote:
>
> Sorry but it's ok to report bugs on this list?
>
> Cheers,
> Emiliano.
>
>
> LOL, of course... I think so :)
>
>   Aitor.
>
>
>
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Security news about TCP weakness

[Simon Hobson]

I wrote:

> Go Linux  wrote:
> 
>> For those of you so inclined.  Is this important, old news or just academic 
>> posturing?  
> 
> I think it's all three !
> It looks very much related to a CVE from 2004
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0230

OK, so it now looks like it is a new development - but still related.

As Arnt Karlsen mentioned in the Bootloaders thread, there a new twist which is 
the result of a security fix

http://www.theregister.co.uk/2016/08/10/linux_tor_users_open_corrupted_communications/

In a bid to thwart the risk from injected packets carrying the right quintuplet 
of source and dest IPs, source & dest ports, and sequence numbers, it now seems 
that there are "occasional" challenge packets sent.
Simplifying a lot, basically one end will send packets to the other asking "did 
you really send that ?" - so if someone is spoofing fake traffic then it'll 
come to light.

As these packets are globally rate limited - a third party can send a flood of 
dodgy packets to cause this limit to be exceeded, and thus disable the 
protection it provides. As I read it, the attack doesn't really bring anything 
new other than the ability to disable the security offered by RFC 5961 - and 
thus lower the threshold to that of the original CVE from 2004.

I can't help thinking that some of the threat is over-stated though. The 
article mentions "The only piece of information that is needed is the pair of 
IP addresses ... which is fairly easy to obtain". So a starting point is that 
you have to know that two IPs are communicating - that may be obvious for some 
situation, but is far from "easy to obtain" in the general case.

It then goes on to say "To successfully insert data into a connection you have 
to know the two IP addresses and the source and destination ports – known as a 
four-tuple – plus the next valid serial numbers stamped on the exchanged 
packets." One port number will be obvious in many cases - eg port 25 for SMTP, 
port 80 for HTTP - but the other end may well be using any of a random pick 
from 1024 to 65535.
In fact, one mitigation route for a DNS attack figured out a few years ago was 
the simple act of making your resolver *not* use source port 53 for outbound 
requests - thus avoiding the simple attack of triggering a resolver to make a 
lookup, and flooding it with false replies to inject fake results into it's 
cache.

And you still need to know the sequence numbers being used or the fake packets 
will be dropped as out of sequence. And of course, you need to know when the 
transmission is taking place.
Put another way ... IF you know that two devices are communicating, AND you 
know when this is taking place, AND you know the port numbers used by both 
ends, AND you know the packet sequence numbers - then this "new" attack will 
allow you to use an old attack method by disabling the mitigation put in to 
block it.
But if you're using SSL (or in fact, any half decent form of encryption or data 
validation) over the connection then the attack would fail anyway.

So while it *may* be a risk for certain type of traffic, *iff* the potential 
rewards are high enough to make the substantial effort worthwhile, I can't help 
thinking it's a bit like so many other areas of risk mitigation - worrying 
about a hard attack then there's an easier one. A bit like how (according to 
stuff I've read) cars are now so hard to drive away without the keys, that the 
thieves often just nick the keys from the lesser secured house.

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] vdev

[richard lucassen]

On Fri, 12 Aug 2016 10:40:43 +0200
aitor_czr  wrote:

> >> Aitor, does your vdev set the permissions and ownerships correctly?
> >
> > I have to suid vdevd in debian/vdevd.postinst. The /usr/sbin is 
> > missing in your snapshot.
> 
> No, i'll give the following permissions:
> 
> -rwxr-xr-x

I'm talking about e.g. /dev/ttyS0. After a boot it looks like:

crw---  1 root root  4,  64 Aug 11 11:32 ttyS0

After a manual restart of vdev it is what it should be:

crw-rw  1 root dialout   4,  64 Aug 11 11:32 ttyS0

$ cat /etc/vdev/actions/ttyS.act 
[vdev-action]
event=add
path=^ttyS[0-9]+$
VAR_PERMISSIONS_OWNER=root
VAR_PERMISSIONS_GROUP=dialout
VAR_PERMISSIONS_MODE=0660
helper=permissions.sh

This action is NOT executed during boot, but after a manual restart it
is executed. So: what is your ownership/permission of /dev/ttyS0 after a
reboot? And how does it look like when you restart vdevd? Do you see
the same phenomena?

R.

-- 
___
It is better to remain silent and be thought a fool, than to speak
aloud and remove all doubt.

+--+
| Richard Lucassen, Utrecht|
+--+
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] vdev

[Ralph Ronnquist]

On 11/08/16 20:15, richard lucassen wrote:

Thanks. github showed up 24 eudev bundles, with some 2-3 noted as
"debian packaged", though gentoo/eudev has most recent activity, so
maybe it's good to go from there to begin with.


It builds fine, but it does not work yet. I think there are a bunch of
other things to do. It adds a usb stick as a character device :-)


Yes I've worked out the building, and installing, without /usr prefix, 
and so far only in a firejail overlay, just to see what it installs.


There's nothing for initrd though, is there? Isn't that needed?

I guess I should crank up the vdev host again. It's just a qemu client, 
so I'll need to do some hands-on to attach a usb connector. I can't use 
the virt-viewer menu, because that'll redirect through a virtio 
redirection device which indeed is a character device.

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] vdev

[richard lucassen]

On Thu, 11 Aug 2016 19:52:34 +1000
Ralph Ronnquist  wrote:

> Thanks. github showed up 24 eudev bundles, with some 2-3 noted as 
> "debian packaged", though gentoo/eudev has most recent activity, so 
> maybe it's good to go from there to begin with.

It builds fine, but it does not work yet. I think there are a bunch of
other things to do. It adds a usb stick as a character device :-)

-- 
richard lucassen
http://contact.xaq.nl/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] vdev

[Ralph Ronnquist]

On 11/08/16 19:38, Jim Murphy wrote:

On Thu, Aug 11, 2016 at 3:29 AM, Ralph Ronnquist
 wrote:

Is that the gentoo/eudev bundle?



Ralph.


From my Funtoo system:

*  sys-fs/eudev
  Latest version available: 3.1.5
  Latest version installed: 3.1.5
  Size of files: 1,705 KiB
  Homepage:  https://github.com/gentoo/eudev
  Description:   Linux dynamic and persistent device naming
support (aka userspace devfs)
  License:   LGPL-2.1 MIT GPL-2

*  virtual/udev
  Latest version available: 217
  Latest version installed: 217
  Size of files: 0 KiB
  Homepage:
  Description:   Virtual to select between different udev daemon providers
  License:

FWIW.

Jim


Thanks. github showed up 24 eudev bundles, with some 2-3 noted as 
"debian packaged", though gentoo/eudev has most recent activity, so 
maybe it's good to go from there to begin with.

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Your computer clock: Was:Re: vdev

[Simon Hobson]

On 11 Aug 2016, at 14:39, aitor_czr  wrote:

> I'm not Steven Spielberg :)

No, but you've time-warped into the future again ! From the vdev thread :

> Received: from [*.*.*.*] (*.*.*.*.dynamic.clientes.euskaltel.es
>  [*.*.*.*]) (Authenticated sender: ***@***)
>  by player737.ha.ovh.net (Postfix) with ESMTPSA id 45BAFE009A;
>  Thu, 11 Aug 2016 10:43:40 +0200 (CEST)
> ...
> Date: Fri, 12 Aug 2016 10:40:43 +0200

So it's looking very much like your system is insisting on being near-enough 
exactly one full day ahead of where it should be. That's actually (I think) 
quite hard to do without either doing it manually or having something screwed 
up in an "interesting" way.

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] vdev

[richard lucassen]

On Fri, 12 Aug 2016 11:24:59 +0200
aitor_czr  wrote:

> > I just run test mode and for the moment vdevd seems to ignore
> > the/etc/vdev/actions/* files. Anyone a hint why vdev ignores these
> > files?
> 
> As you would have be able to verify, the location for the actions is:
> 
> //etc/init.d/vdev/actions/*.act/

The init script has the same name as your directory:

/etc/init.d/vdev

And vdevd is told to use the config file in which is stated:

$ grep actions /etc/vdev/vdevd.conf 
actions=/etc/vdev/actions

So, why doesn't it start up succesfully?

-- 
richard lucassen
http://contact.xaq.nl/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] vdev

[Jim Murphy]

On Thu, Aug 11, 2016 at 3:29 AM, Ralph Ronnquist
 wrote:
> Is that the gentoo/eudev bundle?

> Ralph.

From my Funtoo system:

*  sys-fs/eudev
  Latest version available: 3.1.5
  Latest version installed: 3.1.5
  Size of files: 1,705 KiB
  Homepage:  https://github.com/gentoo/eudev
  Description:   Linux dynamic and persistent device naming
support (aka userspace devfs)
  License:   LGPL-2.1 MIT GPL-2

*  virtual/udev
  Latest version available: 217
  Latest version installed: 217
  Size of files: 0 KiB
  Homepage:
  Description:   Virtual to select between different udev daemon providers
  License:

FWIW.

Jim
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] vdev

[aitor_czr]

Hi Richard,

On 08/09/2016 11:14 PM, richard lucassen  wrote:

I just run test mode and for the moment vdevd seems to ignore
the/etc/vdev/actions/* files. Anyone a hint why vdev ignores these
files?


As you would have be able to verify, the location for the actions is:

//etc/init.d/vdev/actions/*.act/

  Aitor.



___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] vdev

[aitor_czr]

Sorry Ralph,

On 08/12/2016 11:01 AM, aitor_czr wrote:

Hi Richard,

On 08/12/2016 10:40 AM, richard lucassen  
wrote:

I've now made a snapshot of the vdev files from the working disk.
> >available atwww.realthing.com.au/files/vdev/vdev-snapshot.tgz.


Did you add *acls/00-whitelist-root.acl* by hand?

Here you are the file provided by *VDEVD*:

- /usr/sbin/vdvd
- /usr/lib/vdev/helpers  (that's daemonlet, dev-setup.sh, echo_n, etc...)

And here you are the files provided by *EXAMPLE*:

- /usr/etc/init.d/vdev
- /usr/etc/vdev/actions/*.act
- /usr/etc/vdev/ifnames.conf
- /usr/etc/vdev/vdevd.conf

As you can see, *acls/00-whitelist-root.acl* is missing in the 
Makefile of "example".


Cheers,

  Aitor.


The snapshot was sent by you...

Sorry :)

  Aitor.



___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] vdev

[Ralph Ronnquist]

Ralph here; proud owner of the snapshot. Well, owner at least ;-)

Yes. I added two files that were missing from the debs. I took those 
from the Jude's github source (from some few days ago; I haven't checked 
for recent updates).


I also added the initramfs building tree, taken from the gituhob source 
and edited by me. If you want to diff those, you should get the github 
source.


Ralph.

On 12/08/16 19:01, aitor_czr wrote:


Hi Richard,

On 08/12/2016 10:40 AM, richard lucassen  wrote:

I've now made a snapshot of the vdev files from the working disk.
> >available atwww.realthing.com.au/files/vdev/vdev-snapshot.tgz.


Did you add *acls/00-whitelist-root.acl* by hand?

Here you are the file provided by *VDEVD*:

- /usr/sbin/vdvd
- /usr/lib/vdev/helpers  (that's daemonlet, dev-setup.sh, echo_n, etc...)

And here you are the files provided by *EXAMPLE*:

- /usr/etc/init.d/vdev
- /usr/etc/vdev/actions/*.act
- /usr/etc/vdev/ifnames.conf
- /usr/etc/vdev/vdevd.conf

As you can see, *acls/00-whitelist-root.acl* is missing in the Makefile
of "example".

Cheers,

  Aitor.






___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng


___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] vdev

[richard lucassen]

On Fri, 12 Aug 2016 09:35:27 +0200
aitor_czr  wrote:

> > Aitor, does your vdev set the permissions and ownerships correctly?
> 
> I have to suid vdevd in debian/vdevd.postinst. The /usr/sbin is
> missing in your snapshot.

It's not my snapshot ;-) And suid is not needed as vdevd is run as root.

When you start your computer, are all /dev/* permissions ok? I have to
restart vdev manually in order to get the right /dev/* permissions.

-- 
richard lucassen
http://contact.xaq.nl/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] vdev

[richard lucassen]

On Thu, 11 Aug 2016 18:29:05 +1000
Ralph Ronnquist  wrote:

> Is that the gentoo/eudev bundle? I'm not knowledgeable enough to have
> a comparative opinion re eudev vs vdev, but I don't mind giving that
> a go too. Though I'm not en par with package building...

Nor am I. But I can build it, but when adding a usb stick it adds it as
a character device :-( And there is little documentation AFAICS. But I
have only played with it for half an hour or so :)

-- 
richard lucassen
http://contact.xaq.nl/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] vdev

[aitor_czr]

Hi Richard,

On 08/12/2016 10:40 AM, richard lucassen  wrote:

I've now made a snapshot of the vdev files from the working disk.
> >available atwww.realthing.com.au/files/vdev/vdev-snapshot.tgz.


Did you add *acls/00-whitelist-root.acl* by hand?

Here you are the file provided by *VDEVD*:

- /usr/sbin/vdvd
- /usr/lib/vdev/helpers  (that's daemonlet, dev-setup.sh, echo_n, etc...)

And here you are the files provided by *EXAMPLE*:

- /usr/etc/init.d/vdev
- /usr/etc/vdev/actions/*.act
- /usr/etc/vdev/ifnames.conf
- /usr/etc/vdev/vdevd.conf

As you can see, *acls/00-whitelist-root.acl* is missing in the Makefile 
of "example".


Cheers,

  Aitor.



___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] vdev

[aitor_czr]

On 08/12/2016 09:35 AM, aitor_czr wrote:

Hi Richard,

On 08/11/2016 04:23 AM, richard lucassen  
wrote:

I've now made a snapshot of the vdev files from the working disk.
> >available atwww.realthing.com.au/files/vdev/vdev-snapshot.tgz.

>
>Thanks !

Aitor, does your vdev set the permissions and ownerships correctly?


I have to suid vdevd in debian/vdevd.postinst. The /usr/sbin is 
missing in your snapshot.


  Aitor.


No, i'll give the following permissions:

-rwxr-xr-x

Cheers,

  Aitor.



___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] vdev

[Ralph Ronnquist]

Is that the gentoo/eudev bundle? I'm not knowledgeable enough to have a 
comparative opinion re eudev vs vdev, but I don't mind giving that a go 
too. Though I'm not en par with package building...


Ralph.

On 11/08/16 18:07, richard lucassen wrote:

On Thu, 11 Aug 2016 10:00:10 +0200
richard lucassen  wrote:


And has someone ever played with eudev? Slackware has moved to eudev.
Maybe it's better to try that instead of vdev?


We're not alone there :)


___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] vdev

[richard lucassen]

On Thu, 11 Aug 2016 10:00:10 +0200
richard lucassen  wrote:

> And has someone ever played with eudev? Slackware has moved to eudev.
> Maybe it's better to try that instead of vdev?

We're not alone there :)

-- 
richard lucassen
http://contact.xaq.nl/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] vdev

[richard lucassen]

On Thu, 11 Aug 2016 08:30:16 +1000
Ralph Ronnquist  wrote:

> Since '$?' is 'the result code of last command", it's IMO best placed 
> immediately after the command whose result code to capture. Here, 
> previously, it captured the result of the (failed, as it were)
> attempt to echo to the log file, rather than the result of event-put.

Ok, but apparently this did not make any difference, although I get the
impression that there are only four people in the world to test vdev.
Do you also have this phenomena that permissions are not set correctly
at boot time?

And has someone ever played with eudev? Slackware has moved to eudev.
Maybe it's better to try that instead of vdev?

-- 
richard lucassen
http://contact.xaq.nl/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] vdev

[aitor_czr]

Hi Richard,

On 08/11/2016 04:23 AM, richard lucassen  wrote:

I've now made a snapshot of the vdev files from the working disk.
> >available atwww.realthing.com.au/files/vdev/vdev-snapshot.tgz.

>
>Thanks !

Aitor, does your vdev set the permissions and ownerships correctly?


I have to suid vdevd in debian/vdevd.postinst. The /usr/sbin is missing 
in your snapshot.


  Aitor.




___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Bootloaders (was: SystemD's brownie points over non-systemd OSs)

[Arnt Karlsen]

On Thu, 11 Aug 2016 08:48:47 +0200, Arnt wrote in message 
<20160811084847.31359...@nb6.lan>:

> On Wed, 10 Aug 2016 18:45:18 -0400, Steve wrote in message 
> <20160810184518.2c014...@mydesk.domain.cxm>:
> 
> > Sometimes a good, prophylactic fresh install is just what's needed.
> 
> ..aye, todays El Reg:  
>   * Bungling Microsoft singlehandedly proves that golden
> backdoor keys are a terrible idea
>   Updated: Redmond races to revoke Secure Boot policy
>   http://go.reg.cx/tdml/c9288/57d49e7f/ffe47801/2n9H

..and then this:
* Linux security backfires: Flaw lets hackers inject malware
  into downloads, disrupt Tor users, etc
Analysis: TCP networking code scores own goal
http://go.reg.cx/tdml/c9288/57d49e7f/ffe47801/2nac


-- 
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Bootloaders (was: SystemD's brownie points over non-systemd OSs)

[Arnt Karlsen]

On Wed, 10 Aug 2016 18:45:18 -0400, Steve wrote in message 
<20160810184518.2c014...@mydesk.domain.cxm>:

> Sometimes a good, prophylactic fresh install is just what's needed.

..aye, todays El Reg:  
* Bungling Microsoft singlehandedly proves that golden backdoor
  keys are a terrible idea
Updated: Redmond races to revoke Secure Boot policy
http://go.reg.cx/tdml/c9288/57d49e7f/ffe47801/2n9H



-- 
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng